Invicti Vulnerability Integration
Summary of Invicti Vulnerability Integration
The Invicti Vulnerability Integration enables ServiceNow customers to import and utilize application vulnerability data scanned by the Invicti product. This integration supports identifying, prioritizing, and managing security flaws in applications by importing Dynamic Application Security Testing (DAST) and Interactive Application Security Testing (IAST) data directly into ServiceNow’s Application Vulnerability Response feature. The imported data is made accessible to the ServiceNow AI Platform® to enhance vulnerability management workflows.
Key Features
- Data Import: Imports detailed scan data from Invicti, including application details, scan timestamps, and specific vulnerability items.
- Integration Chain: The integration consists of three linked scheduled jobs—Application List Integration, Scan List Integration, and Application Vulnerable Item Integration—that run sequentially and can be executed manually or automatically on a daily schedule.
- Application Records: Supports importing applications into either the Discovered Applications table or the Scanned Application table, configurable via the sn_vul.use_product_model system property and associated CI lookup rules.
- Vulnerability Mapping: Each vulnerability type from Invicti is mapped to a unique ID in ServiceNow, displayed clearly on Application Vulnerable Item records for precise tracking.
- Performance Monitoring: From version 1.1 onwards, the integration provides metrics such as processing times and integration run reports to monitor performance and troubleshoot effectively.
- Version Compatibility: Customers planning to upgrade to versions compatible with Unified Security Exposure Management (USEM) should choose versions starting with 30.x; otherwise, versions below 30.x are recommended.
Practical Benefits for ServiceNow Customers
- Automates the synchronization of Invicti vulnerability data, ensuring your vulnerability records are current and comprehensive.
- Improves prioritization and remediation efforts by integrating detailed scanner results into the ServiceNow vulnerability response workflow.
- Enables flexible configuration of application discovery and CI mapping to align with your organization’s CMDB and security processes.
- Facilitates tracking and analysis of vulnerabilities by providing clear identifiers and integration performance insights.
The Invicti Vulnerability Integration uses application data imported from the Invicti product to help you determine the impact and priority of flaws in your code.
The Invicti Vulnerability Integration collects scanner data and makes that data available to the ServiceNow AI Platform®. It easily integrates with the ServiceNow® Application Vulnerability Response feature of Vulnerability Response to map imported third-party application vulnerability information into your instance. The integration imports the following types of application scan data:
- Dynamic Application Security Testing (DAST)
- Interactive Application Security Testing (IAST)
For more information about DAST and IAST, see Exploring Application Vulnerability Response.
Available versions
| Release version | Release notes |
|---|---|
| If you intend to upgrade to a version that is compatible with Unified Security Exposure Management (USEM), please select a version starting with 30.x when installing or upgrading. | Application Vulnerability Response release notes. For compatibility information, see KB0856498 Vulnerability Response Compatibility Matrix and Release Schema Changes. |
| If you do not intend to upgrade to a version that is compatible with Unified Security Exposure Management (USEM), please select a version below 30.x when installing or upgrading. | |
Integrations
The following integrations are included in the base system. The integrations are chained so that after one integration successfully completes, the next integration is initiated. The integrations run in the order listed in the following table.
After the initial run, chained scheduled jobs run these integrations automatically, in order, every day. You can also execute individual scheduled jobs manually. Scheduled jobs simplify the vulnerability remediation life cycle by keeping the instance synchronized with other vulnerability management systems.
| Integration | Description |
|---|---|
| Invicti Application List Integration | Imports applications scanned by Invicti into the Discovered Applications [sn_vul_app_release] table or the Scanned Application [sn_vul_app_scanned_application] table based on how the sn_vul.use_product_model system property is set for the CI lookup rule records. You can choose to activate lookup rules with configuration items (CIs) as the lookup targets by modifying the system property. If you modify it, you should also activate CI Lookup rules to match the lookup target. For more information, see: |
| Invicti Scan List Integration | This integration is initiated after the Application List Integration is successfully completed. This integration imports data about the date and time a scan was run. |
| Invicti Application Vulnerable Item Integration | This integration is initiated after the Scan List Integration is successfully completed. Starting with v1.1, view details such as total processing times, average times for pre- and post-integration run processes, and reports on the integration run records for the Application Vulnerable Item integration. Each vulnerability in Invicti has a type, for example, DirectoryListing. This type is mapped as a unique ID in your instance and displayed as part of the value in the Vulnerability field on the application vulnerable item (AVI) record: Invicti-DirectoryListing. For more information about mapping, see Invicti Vulnerability Integration state mapping. |
The upper limit for items per page for all three integrations is 200.